Filtered by vendor Expressjs
Subscriptions
Filtered by product Basic-auth-connect
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47178 | 1 Expressjs | 1 Basic-auth-connect | 2024-11-15 | 5.3 Medium |
| basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0. | ||||
Page 1 of 1.